Changing SNMP community strings on PP8600 rel. 3.7.3

[pat2006]

Hi.

I'm running a Passport 8600 (sorry "Ethernet Routing Switch 8600") and was wondering, how do I change the SNMP v2 default community strings? When I chenged them in device manager, they didn't survive a reboot - I did "save config"!

I'm not ready to use SNMP v3.

Version 3.7 no longer has a CLI command for SNMP v2 configurations. Why?

Thanks.

 

[telecom116]

After a certain SW version (I believe 3.5 and 3.7), the SNMP strings are not stored in the config file, but in a hidden file on the /flash volume.

I've never changed them in DM; I always change them in the CLI. Maybe DM won't let you change the string you're using to communicate with the 8600 at that time.

config sys set snmp community <ro|rw|l1|l2|l3|rwa> <commstr>

 

[pat2006]

The command you're referring to is no longer available in Rel. 3.7.x, hence my problem...

 

[anthonyanderberg]

The realese notes for v4.1.0 mention that the sys set snmp command is no longer available. As you may recall the 4.1 branch is a merger of the 4.0 branch and features added to the 3.7 branch since the 3.5/4.0 code split.

Anyway, the release notes say that we should refer to the documents Configuring Network Management and Configuring and Managing Security for more information... I have not looked into it any further than that.

 

[pat2006]

I looked through the documents you mentioned, including those mentioned in the documents you mention..... no luck!!!

I'm still open to suggestions!

 

[dchace]

Try:

config snmp-v3 community first new-commname <read-string>
config snmp-v3 community second new-comname <write-string>

You may also need an access-policy to allow snmp access.

 

[HungryHouse]

Doesn't the following good ol' reliable still work?:
"config cli password"
(then you select which level you'd like from there- such as RO, RW, RW etc)
We tried this with 3.5.9, 3.7.5, and then also on 4.0.5 and I was able to get this working from all three versions.
What are you seeing on your 3.7.3 pat 2006?

Thanks,
HH

 

[pat2006]

The config cli password command is for telnet/console access. What I'm looking to change is the default SNMP community strings for programs like Device Manager to access the switch. Right now it's set to "public" and "private".

I think dchace is onto something. I finaly found some documentation (configuring and managing security) refering to the commands you listed. I'm not sure how to get the commands to refer to SNMP v2, since I'm not using v3.

I'll have to do some more digging. I don't believe this is explained properly in the Nortel documentation.

Thanks for your input guys.

 

[HungryHouse]

Oops- sorry pat2006- I read this a bit too quickly first time. Regarding the SNMP v1/v2 comm strings, the:
config sys set snmp
command is available in later 3.5.x code, but as of 3.7, they remapped everything to access-policies.
I saw some excellent notes on it in the 3.7.11 release notes.
-HH

 

[pat2006]

Thanks HungryHouse. I found the notes you're refering to.

I just have to take some time to read and understand what's going on.

Thanks again.

 

[rjfan91]

Pat,

Any luck? I'm in the same exact boat.

Thanks.

 

[pat2006]

Hi rjfan91.

Yep. I was able to change the community strings.

I used the following commands:

config snmp-v3 commnity commname first new-commname <new_public>

config snmp-v3 community commname second new-commname <new_private>

new_public and new_private would be your new public and private community strings.

After this, use config snmp-v3 community info. Ensure that there are only entries for "first" and "second". Any others should be removed.

SNMP-v3 on the 8600 is a bit confusing. Check out the docs referred to in earlier posts and you'll see what I mean.

I hope this helps.